Windows Analysis Report
PDFixers.exe

Overview

General Information

Sample name: PDFixers.exe
Analysis ID: 1428284
MD5: b4440eea7367c3fb04a89225df4022a6
SHA1: 5a6c01f821f10f6ed1f1283ecba36c5bacfb5838
SHA256: a024a18e27707738adcd7b5a740c5a93534b4b8c9d3b947f6d85740af19d17d0

Detection

Score: 36
Range: 0 - 100
Whitelisted: false
Confidence: 80%

Signatures

Multi AV Scanner detection for submitted file
Allocates memory with a write watch (potentially for evading sandboxes)
Binary contains a suspicious time stamp
Detected potential crypto function
IP address seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
Monitors certain registry keys / values for changes (often done to protect autostart functionality)
PE file does not import any functions
Queries the volume information (name, serial number etc) of a device
Sample file is different than original file name gathered from version info
Searches for the Microsoft Outlook file path
Uses a known web browser user agent for HTTP communication
Uses code obfuscation techniques (call, push, ret)

Classification

AV Detection

Source: PDFixers.exe ReversingLabs: Detection: 37%
Source: PDFixers.exe Static PE information: certificate valid
Source: unknown HTTPS traffic detected: 172.67.147.142:443 -> 192.168.2.4:49734 version: TLS 1.2
Source: PDFixers.exe Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
Source: Joe Sandbox View IP Address: 172.67.147.142 172.67.147.142
Source: Joe Sandbox View JA3 fingerprint: 37f463bf4616ecd445d4a1937da06e19
Source: global traffic HTTP traffic detected:
    GET / HTTP/1.1
    Accept: image/gif, image/jpeg, image/pjpeg, application/x-ms-application, application/xaml+xml, application/x-ms-xbap, */*
    Accept-Language: en-CH
    UA-CPU: AMD64
    Accept-Encoding: gzip, deflate
    User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
    Host: pixel.pdfixers.com
    Connection: Keep-Alive
Source: global traffic HTTP traffic detected:
    GET /cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js HTTP/1.1
    Accept: */*
    Referer: https://pixel.pdfixers.com/
    Accept-Language: en-CH
    UA-CPU: AMD64
    Accept-Encoding: gzip, deflate
    User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
    Host: pixel.pdfixers.com
    Connection: Keep-Alive
    Cookie: AWSALB=Q/1o7mNuh5fikW8QfQj8pZbv2W22gQW8jgkIVYHaWbjaucSDx1L+/++aYi0liKAcAftPQ55D8zVpAO4skMIKg7H2PLfsZt2z3kikjf49sDnY8oTMTYTGxnqyvBAX; AWSALBCORS=Q/1o7mNuh5fikW8QfQj8pZbv2W22gQW8jgkIVYHaWbjaucSDx1L+/++aYi0liKAcAftPQ55D8zVpAO4skMIKg7H2PLfsZt2z3kikjf49sDnY8oTMTYTGxnqyvBAX
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown DNS traffic detected: queries for: pixel.pdfixers.com
Source: unknown Network traffic detected: HTTP traffic on port 49734 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49736 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49736
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49734
Source: PDFixers.exe Static PE information: No import functions for PE file found
Source: PDFixers.exe, 00000000.00000002.2903084540.000001862AE65000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameD3k vs PDFixers.exe
Source: PDFixers.exe, 00000000.00000002.2926382986.0000018E33886000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenamejscript9.dll.muiD vs PDFixers.exe
Source: C:\Users\user\Desktop\PDFixers.exe Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\OUTLOOK.EXE
Source: classification engine Classification label: sus36.winEXE@1/5@1/1
Source: C:\Users\user\Desktop\PDFixers.exe File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH
Source: C:\Users\user\Desktop\PDFixers.exe Mutant created: NULL
Source: PDFixers.exe Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: PDFixers.exe Static file information: TRID: Win64 Executable GUI Net Framework (217006/5) 49.88%
Source: C:\Users\user\Desktop\PDFixers.exe Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: C:\Users\user\Desktop\PDFixers.exe Sections loaded: mscoree.dll, apphelp.dll, kernel.appcore.dll, version.dll, vcruntime140_clr0400.dll, ucrtbase_clr0400.dll, uxtheme.dll, windows.storage.dll, wldp.dll, profapi.dll, cryptsp.dll, rsaenh.dll, cryptbase.dll, ieframe.dll, iertutil.dll, netapi32.dll, userenv.dll, winhttp.dll, wkscli.dll, netutils.dll, sxs.dll, dwrite.dll, dataexchange.dll, d3d11.dll, dcomp.dll, dxgi.dll, twinapi.appcore.dll, msiso.dll, propsys.dll, urlmon.dll, srvcli.dll, mshtml.dll, sspicli.dll, powrprof.dll, umpdc.dll, srpapi.dll, textinputframework.dll, coreuicomponents.dll, coremessaging.dll, ntmarta.dll, wintypes.dll, msimtf.dll, msls31.dll, d2d1.dll, resourcepolicyclient.dll, d3d10warp.dll, dxcore.dll, secur32.dll, mlang.dll, wininet.dll, uiautomationcore.dll, jscript9.dll, winmm.dll, ondemandconnroutehelper.dll, mswsock.dll, iphlpapi.dll, winnsi.dll, dnsapi.dll, rasadhlp.dll, fwpuclnt.dll, schannel.dll, mskeyprotect.dll, ntasn1.dll, msasn1.dll, dpapi.dll, gpapi.dll, ncrypt.dll, ncryptsslp.dll, windowscodecs.dll, t2embed.dll
Source: C:\Users\user\Desktop\PDFixers.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8856F961-340A-11D0-A96B-00C04FD705A2}\InProcServer32
Source: Window Recorder Window detected: More than 3 window changes detected
Source: C:\Users\user\Desktop\PDFixers.exe File opened: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorrc.dll
Source: PDFixers.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
Source: PDFixers.exe Static PE information: Virtual size of .text is bigger than: 0x100000
Source: PDFixers.exe Static PE information: Image base 0x140000000 > 0x60000000
Source: PDFixers.exe Static file information: File size 8507584 > 1048576
Source: PDFixers.exe Static PE information: Raw size of .text is bigger than: 0x100000 < 0x7fea00
Source: PDFixers.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
Source: PDFixers.exe Static PE information: 0x9FA57E8D [Mon Nov 16 06:26:21 2054 UTC]
Source: C:\Users\user\Desktop\PDFixers.exe Code function: 0_2_00007FFD9BA0063D push ebx; iretd 0_2_00007FFD9BA0066A
Source: C:\Users\user\Desktop\PDFixers.exe Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\AutoUpdate
Source: C:\Users\user\Desktop\PDFixers.exe Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot
Source: C:\Users\user\Desktop\PDFixers.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\PDFixers.exe Memory allocated: 18610A20000 memory reserve | memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe Memory allocated: 1862A410000 memory reserve | memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe Memory allocated: 1862C660000 memory reserve | memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe Memory allocated: 1862CEF0000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe Memory allocated: 18E330D0000 memory commit | memory reserve | memory write watch Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe Memory allocated: 18E33110000 memory commit | memory reserve | memory write watch Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe Memory allocated: 18E33130000 memory commit | memory reserve | memory write watch Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe Memory allocated: 18E33150000 memory commit | memory reserve | memory write watch Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe Memory allocated: 18E33170000 memory commit | memory reserve | memory write watch Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe Memory allocated: 18E33190000 memory commit | memory reserve | memory write watch Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe Memory allocated: 18E331B0000 memory commit | memory reserve | memory write watch Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe Memory allocated: 18E331D0000 memory commit | memory reserve | memory write watch Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe Memory allocated: 18E331F0000 memory commit | memory reserve | memory write watch Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe Memory allocated: 18E33230000 memory commit | memory reserve | memory write watch Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe Memory allocated: 18E33250000 memory commit | memory reserve | memory write watch Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe Memory allocated: 18E33270000 memory commit | memory reserve | memory write watch Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe Memory allocated: 18E33290000 memory commit | memory reserve | memory write watch Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe Memory allocated: 18E332B0000 memory commit | memory reserve | memory write watch Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe Memory allocated: 18E332D0000 memory commit | memory reserve | memory write watch Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe Memory allocated: 18E332F0000 memory commit | memory reserve | memory write watch Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe Memory allocated: 18E33330000 memory commit | memory reserve | memory write watch Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe Memory allocated: 18E33350000 memory commit | memory reserve | memory write watch Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe Memory allocated: 18E33370000 memory commit | memory reserve | memory write watch Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe Memory allocated: 18E33390000 memory commit | memory reserve | memory write watch Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe Memory allocated: 18E333B0000 memory commit | memory reserve | memory write watch Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe Memory allocated: 18E333D0000 memory commit | memory reserve | memory write watch Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe Memory allocated: 18E333F0000 memory commit | memory reserve | memory write watch Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe Memory allocated: 18E33410000 memory commit | memory reserve | memory write watch Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe Memory allocated: 18E33450000 memory commit | memory reserve | memory write watch Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe Memory allocated: 18E33470000 memory commit | memory reserve | memory write watch Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe Memory allocated: 18E33890000 memory commit | memory reserve | memory write watch Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe Memory allocated: 18E338B0000 memory commit | memory reserve | memory write watch Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe Memory allocated: 18E338D0000 memory commit | memory reserve | memory write watch Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe Memory allocated: 18E338F0000 memory commit | memory reserve | memory write watch Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe Memory allocated: 18E33910000 memory commit | memory reserve | memory write watch Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe Memory allocated: 18E33930000 memory commit | memory reserve | memory write watch Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe Memory allocated: 18E33970000 memory commit | memory reserve | memory write watch Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe Memory allocated: 18E33990000 memory commit | memory reserve | memory write watch Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe Memory allocated: 18E339B0000 memory commit | memory reserve | memory write watch Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe Memory allocated: 18E339D0000 memory commit | memory reserve | memory write watch Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe Memory allocated: 18E339F0000 memory commit | memory reserve | memory write watch Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe Memory allocated: 18E33A10000 memory commit | memory reserve | memory write watch Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe Memory allocated: 18E33A30000 memory commit | memory reserve | memory write watch Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe Memory allocated: 18E33A50000 memory commit | memory reserve | memory write watch Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe Memory allocated: 18E33A90000 memory commit | memory reserve | memory write watch Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe Memory allocated: 18E33AB0000 memory commit | memory reserve | memory write watch Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe Memory allocated: 18E33AD0000 memory commit | memory reserve | memory write watch Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe Memory allocated: 18E33AF0000 memory commit | memory reserve | memory write watch Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe Memory allocated: 18E33B10000 memory commit | memory reserve | memory write watch Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe Memory allocated: 18E33B30000 memory commit | memory reserve | memory write watch Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe Memory allocated: 18E33B50000 memory commit | memory reserve | memory write watch Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe Memory allocated: 18E33B70000 memory commit | memory reserve | memory write watch Jump to behavior
Source: PDFixers.exe, 00000000.00000002.2910463304.0000018E305CF000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW0
Source: PDFixers.exe, 00000000.00000002.2910463304.0000018E30630000.00000004.00000020.00020000.00000000.sdmp, PDFixers.exe, 00000000.00000002.2910463304.0000018E306A3000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW
Source: C:\Users\user\Desktop\PDFixers.exe Memory allocated: page read and write | page guard Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe Queries volume information: C:\Users\user\Desktop\PDFixers.exe VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe Queries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe Queries volume information: C:\Windows\Fonts\calibrii.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe Queries volume information: C:\Windows\Fonts\calibrili.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe Queries volume information: C:\Windows\Fonts\calibrib.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe Queries volume information: C:\Windows\Fonts\calibriz.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe Queries volume information: C:\Windows\Fonts\cambria.ttc VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe Queries volume information: C:\Windows\Fonts\cambriai.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe Queries volume information: C:\Windows\Fonts\cambriab.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe Queries volume information: C:\Windows\Fonts\cambriaz.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe Queries volume information: C:\Windows\Fonts\Candara.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe Queries volume information: C:\Windows\Fonts\Candaral.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe Queries volume information: C:\Windows\Fonts\Candarai.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe Queries volume information: C:\Windows\Fonts\Candarali.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe Queries volume information: C:\Windows\Fonts\Candarab.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe Queries volume information: C:\Windows\Fonts\Candaraz.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe Queries volume information: C:\Windows\Fonts\comic.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe Queries volume information: C:\Windows\Fonts\comici.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe Queries volume information: C:\Windows\Fonts\comicbd.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe Queries volume information: C:\Windows\Fonts\comicz.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe Queries volume information: C:\Windows\Fonts\constan.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe Queries volume information: C:\Windows\Fonts\constani.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe Queries volume information: C:\Windows\Fonts\constanb.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe Queries volume information: C:\Windows\Fonts\constanz.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe Queries volume information: C:\Windows\Fonts\corbel.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe Queries volume information: C:\Windows\Fonts\corbell.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe Queries volume information: C:\Windows\Fonts\corbeli.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe Queries volume information: C:\Windows\Fonts\corbelli.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe Queries volume information: C:\Windows\Fonts\corbelb.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe Queries volume information: C:\Windows\Fonts\corbelz.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe Queries volume information: C:\Windows\Fonts\cour.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe Queries volume information: C:\Windows\Fonts\couri.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe Queries volume information: C:\Windows\Fonts\courbd.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe Queries volume information: C:\Windows\Fonts\courbi.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe Queries volume information: C:\Windows\Fonts\ebrima.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe Queries volume information: C:\Windows\Fonts\ebrimabd.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe Queries volume information: C:\Windows\Fonts\framd.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe Queries volume information: C:\Windows\Fonts\FRADM.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe Queries volume information: C:\Windows\Fonts\FRADMIT.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe Queries volume information: C:\Windows\Fonts\FRAHV.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe Queries volume information: C:\Windows\Fonts\FRAHVIT.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe Queries volume information: C:\Windows\Fonts\gadugi.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe Queries volume information: C:\Windows\Fonts\gadugib.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe Queries volume information: C:\Windows\Fonts\georgia.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe Queries volume information: C:\Windows\Fonts\georgiai.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe Queries volume information: C:\Windows\Fonts\georgiab.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe Queries volume information: C:\Windows\Fonts\georgiaz.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe Queries volume information: C:\Windows\Fonts\impact.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe Queries volume information: C:\Windows\Fonts\Inkfree.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe Queries volume information: C:\Windows\Fonts\javatext.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe Queries volume information: C:\Windows\Fonts\LeelawUI.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe Queries volume information: C:\Windows\Fonts\LeelUIsl.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe Queries volume information: C:\Windows\Fonts\LeelaUIb.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe Queries volume information: C:\Windows\Fonts\lucon.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe Queries volume information: C:\Windows\Fonts\l_10646.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe Queries volume information: C:\Windows\Fonts\malgun.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe Queries volume information: C:\Windows\Fonts\malgunsl.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe Queries volume information: C:\Windows\Fonts\malgunbd.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe Queries volume information: C:\Windows\Fonts\himalaya.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe Queries volume information: C:\Windows\Fonts\msjh.ttc VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe Queries volume information: C:\Windows\Fonts\msjhl.ttc VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe Queries volume information: C:\Windows\Fonts\msjhbd.ttc VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe Queries volume information: C:\Windows\Fonts\ntailu.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe Queries volume information: C:\Windows\Fonts\ntailub.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe Queries volume information: C:\Windows\Fonts\phagspa.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe Queries volume information: C:\Windows\Fonts\phagspab.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe Queries volume information: C:\Windows\Fonts\micross.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe Queries volume information: C:\Windows\Fonts\taile.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe Queries volume information: C:\Windows\Fonts\taileb.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe Queries volume information: C:\Windows\Fonts\msyh.ttc VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe Queries volume information: C:\Windows\Fonts\msyhl.ttc VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe Queries volume information: C:\Windows\Fonts\msyhbd.ttc VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe Queries volume information: C:\Windows\Fonts\msyi.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe Queries volume information: C:\Windows\Fonts\mingliub.ttc VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe Queries volume information: C:\Windows\Fonts\monbaiti.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe Queries volume information: C:\Windows\Fonts\msgothic.ttc VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe Queries volume information: C:\Windows\Fonts\mvboli.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe Queries volume information: C:\Windows\Fonts\mmrtext.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe Queries volume information: C:\Windows\Fonts\mmrtextb.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe Queries volume information: C:\Windows\Fonts\Nirmala.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe Queries volume information: C:\Windows\Fonts\NirmalaS.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe Queries volume information: C:\Windows\Fonts\NirmalaB.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe Queries volume information: C:\Windows\Fonts\pala.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe Queries volume information: C:\Windows\Fonts\palai.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe Queries volume information: C:\Windows\Fonts\palab.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe Queries volume information: C:\Windows\Fonts\palabi.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe Queries volume information: C:\Windows\Fonts\segoepr.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe Queries volume information: C:\Windows\Fonts\segoeprb.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe Queries volume information: C:\Windows\Fonts\segoesc.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe Queries volume information: C:\Windows\Fonts\segoescb.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe Queries volume information: C:\Windows\Fonts\seguihis.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe Queries volume information: C:\Windows\Fonts\simsun.ttc VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe Queries volume information: C:\Windows\Fonts\simsunb.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe Queries volume information: C:\Windows\Fonts\Sitka.ttc VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe Queries volume information: C:\Windows\Fonts\SitkaI.ttc VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe Queries volume information: C:\Windows\Fonts\SitkaB.ttc VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe Queries volume information: C:\Windows\Fonts\SitkaZ.ttc VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe Queries volume information: C:\Windows\Fonts\sylfaen.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe Queries volume information: C:\Windows\Fonts\symbol.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe Queries volume information: C:\Windows\Fonts\tahoma.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe Queries volume information: C:\Windows\Fonts\tahomabd.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe Queries volume information: C:\Windows\Fonts\timesi.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe Queries volume information: C:\Windows\Fonts\timesbd.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe Queries volume information: C:\Windows\Fonts\timesbi.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe Queries volume information: C:\Windows\Fonts\trebuc.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe Queries volume information: C:\Windows\Fonts\trebucit.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe Queries volume information: C:\Windows\Fonts\trebucbd.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe Queries volume information: C:\Windows\Fonts\trebucbi.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe Queries volume information: C:\Windows\Fonts\verdana.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe Queries volume information: C:\Windows\Fonts\verdanai.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe Queries volume information: C:\Windows\Fonts\verdanab.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe Queries volume information: C:\Windows\Fonts\verdanaz.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe Queries volume information: C:\Windows\Fonts\webdings.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe Queries volume information: C:\Windows\Fonts\wingding.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe Queries volume information: C:\Windows\Fonts\YuGothR.ttc VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe Queries volume information: C:\Windows\Fonts\YuGothM.ttc VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe Queries volume information: C:\Windows\Fonts\YuGothL.ttc VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe Queries volume information: C:\Windows\Fonts\YuGothB.ttc VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe Queries volume information: C:\Windows\Fonts\holomdl2.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe Queries volume information: C:\Windows\Fonts\AGENCYR.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe Queries volume information: C:\Windows\Fonts\AGENCYB.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe Queries volume information: C:\Windows\Fonts\BERNHC.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe Queries volume information: C:\Windows\Fonts\BOD_BLAR.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe Queries volume information: C:\Windows\Fonts\BRLNSR.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe Queries volume information: C:\Windows\Fonts\BRLNSB.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe Queries volume information: C:\Windows\Fonts\BROADW.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe Queries volume information: C:\Windows\Fonts\BSSYM7.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe Queries volume information: C:\Windows\Fonts\CALIFI.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe Queries volume information: C:\Windows\Fonts\SCHLBKB.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe Queries volume information: C:\Windows\Fonts\SCHLBKBI.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe Queries volume information: C:\Windows\Fonts\CENTAUR.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe Queries volume information: C:\Windows\Fonts\COPRGTB.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe Queries volume information: C:\Windows\Fonts\ERASDEMI.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe Queries volume information: C:\Windows\Fonts\ERASBD.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe Queries volume information: C:\Windows\Fonts\FREESCPT.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe Queries volume information: C:\Windows\Fonts\GARA.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe Queries volume information: C:\Windows\Fonts\GARAIT.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe Queries volume information: C:\Windows\Fonts\GARABD.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe Queries volume information: C:\Windows\Fonts\GILI____.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe Queries volume information: C:\Windows\Fonts\GILB____.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe Queries volume information: C:\Windows\Fonts\GILC____.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe Queries volume information: C:\Windows\Fonts\GLSNECB.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe Queries volume information: C:\Windows\Fonts\GLECB.TTF VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe Queries volume information: C:\Windows\Fonts\GOTHICB.TTF VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe Queries volume information: C:\Windows\Fonts\GOUDOS.TTF VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe Queries volume information: C:\Windows\Fonts\HARLOWSI.TTF VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe Queries volume information: C:\Windows\Fonts\HARNGTON.TTF VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe Queries volume information: C:\Windows\Fonts\ITCEDSCR.TTF VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe Queries volume information: C:\Windows\Fonts\ITCKRIST.TTF VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe Queries volume information: C:\Windows\Fonts\JOKERMAN.TTF VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe Queries volume information: C:\Windows\Fonts\LBRITEDI.TTF VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe Queries volume information: C:\Windows\Fonts\LFAXD.TTF VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe Queries volume information: C:\Windows\Fonts\LFAXI.TTF VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe Queries volume information: C:\Windows\Fonts\MSUIGHUR.TTF VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe Queries volume information: C:\Windows\Fonts\MSUIGHUB.TTF VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe Queries volume information: C:\Windows\Fonts\NIAGENG.TTF VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe Queries volume information: C:\Windows\Fonts\PAPYRUS.TTF VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe Queries volume information: C:\Windows\Fonts\POORICH.TTF VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe Queries volume information: C:\Windows\Fonts\ROCKEB.TTF VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe Queries volume information: C:\Windows\Fonts\SCRIPTBL.TTF VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe Queries volume information: C:\Windows\Fonts\micross.ttf VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe Queries volume information: C:\Windows\Fonts\times.ttf VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe Queries volume information: C:\Windows\assembly\GAC\Microsoft.mshtml\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.mshtml.dll VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe Queries volume information: C:\Windows\Fonts\arial.ttf VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe Queries volume information: C:\Windows\Fonts\arialbd.ttf VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe Queries volume information: C:\Windows\Fonts\seguisym.ttf VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe Queries volume information: C:\Windows\Fonts\seguisym.ttf VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe Queries volume information: C:\Windows\Fonts\seguisym.ttf VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe Queries volume information: C:\Windows\Fonts\arialbd.ttf VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe Queries volume information: C:\Windows\Fonts\arial.ttf VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid